http://www.cert.org/tech_tips/WIDC.html
(...)
This document outlines suggested steps for determining whether your Windows
system has been compromised. System administrators can use this information to
look for several types of break-ins. We also encourage you to review all
sections of this document and modify your systems to address potential
weaknesses.

The term "Windows system" is used throughout this document to refer to systems
running Windows 2000, Windows XP, and Windows Server 2003. Where there is a
distinction between the various operating system versions (e.g., a capability
available to only one OS version) the document will note this as such.

In this document, we make a distinction between the terms "auditing" and
"monitoring". We use auditing to indicate the logging or collection of
information and use monitoring to indicate the routine review of information
obtained by auditing to determine occurrences of specific events.